package com.chongbangbang.config;

import com.chongbangbang.enums.UserRoleEnum;
import com.chongbangbang.service.UserRoleService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.sql.DataSource;



/**
 * Spring security config
 */

// AOP: 拦截器
@EnableWebSecurity
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public SpringSecurityConfig(DataSource dataSource) {
    }

    @Autowired
    UserRoleService userRoleService;


    // 授权,authorization
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // 首页所有人可以访问, 但功能页只有对应的人才能访问
            // 链式编程
        http.authorizeRequests()
                .antMatchers("/","/index").permitAll()
                .antMatchers("/register","/login","/toLogin").permitAll()
//                .antMatchers("/static/**").permitAll() // SpringBoot有默认的静态资源过滤
//                .antMatchers("/*").hasRole(UserRoleEnum.ADMIN.getRole());
                .antMatchers("/*").permitAll();

        // 没有权限默认跳转到登录页面,它的默认登录页面路径为/login
        http.formLogin()
                .usernameParameter("username")
                .passwordParameter("password") // 登录表单的name不是username和password时使用
                .loginPage("/toLogin")
                .loginProcessingUrl("/login") // 登陆表单提交请求
                .defaultSuccessUrl("/index"); // 设置默认登录成功后跳转的页面


        // 开启注销,默认的注销页面在/logout,所以我们要到前端写一个注销链接
        http.headers().contentTypeOptions().disable();
        http.headers().frameOptions().disable(); // 图片跨域
        http.csrf().disable();//关闭csrf功能:跨站请求伪造,默认只能通过post方式提交logout请求
        // 注销完成了跳转到首页
        http.logout().logoutSuccessUrl("/index");


        // 记住我功能, 就是把用户信息放在cookie里,默认保存两周,用户下次不用再登录了
        http.rememberMe().rememberMeParameter("rememberMe"); // 前端记住我的name值
    }

    // 认证, authentication
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        // 通过内存认证
//        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("admin")
                .password(passwordEncoder().encode("123456")).roles(UserRoleEnum.ADMIN.getRole());

        // TODO 通过UserDetailsService接口认证
//        auth.userDetailsService(userRoleService).passwordEncoder(passwordEncoder());
    }

    // 密码加密方式
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}


